Antivirus programs signal this, but are the new attacks appearing, or maybe the companies that produce antivirus software use this kind of alerts mainly to stimulate consumers to buy these applications?
Is the information about the growing threat from the activities of cybercriminals also partly a result of marketing activities of antivirus software vendors?
Cybercriminal attacks involving various types of viruses occur on a daily basis in various places around the globe.
However, large-scale attacks on the global scale and publicized in the media are probably much rarer.
An example was the type of cybercriminals, which was carried out on a large scale in mid-2017, which was mainly targeted at large public and financial institutions and corporations operating in Ukraine, but quickly spread over the world through capital and business links between companies.
Then ransomware viruses known only often in the environments of security specialists, among computer scientists analyzing cybercriminal attacks, has been publicized in the media in many countries and has become a global and public problem.
In this situation, sales revenues and profits of companies producing antivirus software are growing significantly.
Recently, some of these antivirus programs inform that the threat of cybercriminal attacks involving ransomware is growing.
Is it a real increase in the risk of cybercrime or a new form of marketing for companies that produce antivirus software?
Or both?
Please, answer, comments. I invite you to the discussion.
I agree with you, but it's not all about sales.
I think the most blatant was the quest for fame/notoriety by the irresponsible so-called researchers, who published the obscure (and, largely unexploitable) 'vulnerability in the instruction queue of Intel CPU's. This caused widescale panic, a few remedies which were worse than the disease, all for a bug which no hacker would ever dream of trying to exploit. Why? Because it's not cost-effective. Cybercrime is a business and, like any other, it needs to maximise ROI, so patiently hacking one PC in the hope that a password will materialise for a bank account which actually contains money is something only a researcher would do.
As a cybersecurity company, (designsim.com.au) we take a battering 24/7 from about 72 countries, mainly from botnets, so we're fairly up to date on the latest trends.
The main attack vector over the last three or four months is a DDoS attempt which appears to come from compromised IoT devices, probably NVR/DVR or routers, originating mainly in South America and looking like this (with the cutely-imbecilic and fake Referer)
181.214.196.62 - - [30/Oct/2018:00:37:37 +1100] "POST /botnet_hack.txt/trackback/ HTTP/1.0" 403 16896 "http://staging.Esal.us/wiki/index.php?title=The_Famous_Koh-i-nor_Diamond" "PHP/5.3.01"
To date we've had over 10,000 such hack attempts.
Second, is a revival of an old Drupal vulnerability, consisting of a pair of queries like:
107.161.94.87 - - [29/Oct/2018:16:03:17 +1100] "GET /?q=node/add HTTP/1.1" 200 18466
107.161.94.87 - - [29/Oct/2018:16:03:18 +1100] "GET /?q=user/register HTTP/1.1" 200 18466
the hope being for an escalation of privileges.
Lastly, one that never goes away, is the eternal exploitation of the thousands of bugs in WordPress/PHP:
94.102.49.122 - - [30/Oct/2018:06:07:50 +1100] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 226 "-" "ZmEu"
159.69.39.191 - - [30/Oct/2018:06:14:04 +1100] "GET /wp-includes/wlwmanifest.xml HTTP/1.1" 404 225
Perhaps it would be a good time to get the IDS to trigger on these.
I agree with you, but it's not all about sales.
I think the most blatant was the quest for fame/notoriety by the irresponsible so-called researchers, who published the obscure (and, largely unexploitable) 'vulnerability in the instruction queue of Intel CPU's. This caused widescale panic, a few remedies which were worse than the disease, all for a bug which no hacker would ever dream of trying to exploit. Why? Because it's not cost-effective. Cybercrime is a business and, like any other, it needs to maximise ROI, so patiently hacking one PC in the hope that a password will materialise for a bank account which actually contains money is something only a researcher would do.
As a cybersecurity company, (designsim.com.au) we take a battering 24/7 from about 72 countries, mainly from botnets, so we're fairly up to date on the latest trends.
The main attack vector over the last three or four months is a DDoS attempt which appears to come from compromised IoT devices, probably NVR/DVR or routers, originating mainly in South America and looking like this (with the cutely-imbecilic and fake Referer)
181.214.196.62 - - [30/Oct/2018:00:37:37 +1100] "POST /botnet_hack.txt/trackback/ HTTP/1.0" 403 16896 "http://staging.Esal.us/wiki/index.php?title=The_Famous_Koh-i-nor_Diamond" "PHP/5.3.01"
To date we've had over 10,000 such hack attempts.
Second, is a revival of an old Drupal vulnerability, consisting of a pair of queries like:
107.161.94.87 - - [29/Oct/2018:16:03:17 +1100] "GET /?q=node/add HTTP/1.1" 200 18466
107.161.94.87 - - [29/Oct/2018:16:03:18 +1100] "GET /?q=user/register HTTP/1.1" 200 18466
the hope being for an escalation of privileges.
Lastly, one that never goes away, is the eternal exploitation of the thousands of bugs in WordPress/PHP:
94.102.49.122 - - [30/Oct/2018:06:07:50 +1100] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 226 "-" "ZmEu"
159.69.39.191 - - [30/Oct/2018:06:14:04 +1100] "GET /wp-includes/wlwmanifest.xml HTTP/1.1" 404 225
Perhaps it would be a good time to get the IDS to trigger on these.
There is no week for me to be out of touch with Ransomware. Only some attacks are publicized - those that are carried out on a large scale or those that will hit sufficiently important institutions. The threat exists all the time. The fact that most attacks use mutations of previously known viruses and methods, but this has always been the case. Original and innovative ideas have always been in the minority.
Regarding the attack on Ukraine - it could have been part of a hybrid war. It not only did economic, but also image damage. As a result of this attack, Ukraine has been shown as a weak and unreliable country that is a source of potential threat.
In many cases, for example, failure of banking systems, we do not really know whether it was a simple failure or the effects of an attack. Certain things are deliberately kept secret.
Yes - cybercrime is the same as for example drug trafficking. He must pay. Therefore, putting an individual effort into an attack against a particular institution must involve the possibility of sufficiently large benefits. Mass attacks targeting a wide audience are automated, easy to detect and not very effective. But there is always someone who does not pay attention and expecting the .pdf document to open the .pif executable file
It would be interesting to study the dependence of the frequency and scale of attacks with the cryptocurrency rate. Several times I noticed increases directly after the wave of attacks. Perhaps the ransom pays more victims of attacks than is officially admitted to it. I am personally informed of four credible situations, where the ransom was paid, only in one of them the victim of the attack received the encryption key that worked.
I also know two cases when someone was considering paying the ransom, but eventually he failed to contact the criminal.
If you want to observe the threat of Ransomware, create several e-mail accounts and use them in a low-risk way for half a year - for example by publishing them publicly on the internet using login or suspicious websites so that the bots of offenders can easily find them to track down. The Dark Side of Power will come to you by itself :)
It is obvious that these threats are used to promote antivirus programs. For the effective sale of various types of security, the sense of danger is much more important than the threat itself.
Earlier this year, Kaspersky Labs claimed that cryptominers have overtaken ransomware as the top threat and ransomware is in decline (https://www.kaspersky.com/blog/cryptominers-almost-double/22898/). However, ransomware is still out there and continues to be very disruptive. Of course, regular backups can help mitigate ransomware attacks, but AV vendors are naturally going to push their products & the scare that is ransomware can be used as a selling point. In my opinion, I'd say it's a bit of both.
- Badges
- Science topic
- Similar topics
- Computer Science and Engineering
- Software